Frequently Asked Questions

General FAQs: The Drug Diversion App from LogicStream Health™

How do I know which clinicians are scoring highest and who should be reviewed in more depth?

The Drug Diversion App highlights the clinicians most at risk of diversion on the Surveillance Stream. This is a high-level overview of staff who are being reviewed, investigated, and those with the highest risk score for diversion. The list can be sorted in multiple ways. Also available is to view those clinicians who have a High Priority event in the last day, three days, or seven days. This allows the team to prioritize their work and focus attention on the most recent events to mitigate diversion quickly.

Visit The Drug Diversion App Website

What is the timeline for the risk score?

The risk score is calculated daily based on events that have occurred in the past 30 days.

Visit The Drug Diversion App Website

How is the risk score calcuated?

The risk score is a sum of the positive signals that are weighted and adjusted based on their significance and likelihood of diversion. It is a proprietary algorithm developed in conjunction with LogicStream Health’s innovation partners based on expected behaviors and clinical best practices.

Visit The Drug Diversion App Website

Where is the data coming from that is being used to determine the risk score?

LogicStream Health’s expertise and experience comes from years of working with hospitals and health systems to gather all the relevant electronic health record (EHR) data to solve critical problems. In addition to information from the EHR, The Drug Diversion App also pulls information from automated dispensing systems (ADS), central inventory systems, and time and attendance systems. All information is gathered in one view and combined when necessary behind the scenes to highlight signals of diversion.

Visit The Drug Diversion App Website

Who is included in the automated surveillance for diversion?

The Surveillance Stream includes an assessment of all employees who have EHR access and conduct medication transactions regardless of title or position.

Visit The Drug Diversion App Website

How are 'peer groups' defined in The Drug Diversion App?

Peer groups are defined as all employees who care for patients within a specific department and have similar responsibilities. For instance, nurses who work in the intensive care unit are compared to the nurses within that department to identify outliers and potential signs of diversion.

Visit The Drug Diversion App Website

Which medications are currently being evaluated for drug diversion?

By default, The Drug Diversion App monitors transactions related to all Class II to Class V controlled substances. Users of The App can easily add any medication on their hospital formulary and immediately begin monitoring that drug for potential diversion activity.

Visit The Drug Diversion App Website

Am I able to view a historic list of past events beyond the last 30 days?

Included with The Drug Diversion App is a timeline for each employee. The timeline includes all events that have been flagged, reviewed, or had notes documented on them. Past investigations and associated signals are tracked and maintained on the timeline as well. The overview page displays a graphical view of the past 30 days and how the employee’s score has changed and the signals that have been identified.

Visit The Drug Diversion App Website

How long is data retained?

By default, data is retained in The Drug Diversion App for one year. If signals are flagged, notes created, or the event is included in an investigation, the data is retained indefinitely.

Visit The Drug Diversion App Website

Is Protected Health Information viewable?

Yes. Protected Health Information (PHI) is required to conduct drug diversion investigations. All PHI is kept on the local server behind a hospital’s firewall. Access to PHI can be restricted by hospital’s system administrator and user roles can be defined to only allow employees who need access to PHI to view it.

Visit The Drug Diversion App Website

IT FAQs: The Drug Diversion App from LogicStream Health™

How is access controlled and logged?

The customer controls logins to the application, and what level of access each user has – ranging from read-only to full administrative access. The Drug Diversion App has audit logs of activity.

​Will The Drug Diversion App require any customer’s data leave the customer network?

Only content and summary data (e.g. the list of departments or order set catalog) will leave the customer’s network – PHI remains on-premises.

​Will PHI be processed in The Drug Diversion App?​

Yes, although it remains on-premises (it never leaves your network), and is only displayed to end-users who have been granted that level of access. User roles are determined by the hospital or health system and all PHI can be blinded. A business associate agreement (BAA) will be part of the agreement.

​Will The Drug Diversion App require that any of its hardware be installed on the customer’s network?


Has LogicStream Health’s security been verified?

Yes. Every year, LogicStream Health has an independent third party assess its security, including administrative controls, internal-facing technical controls, external-facing technical controls, web application vulnerability testing, and web application penetration testing.

Will The Drug Diversion App require that software be installed on the customer’s network?


  • Will this software be vendor supported?​ Yes – infrastructure is supported by the customer; The Drug Diversion App is supported by LogicStream Health.​

  • How often will The Drug Diversion App release updates/patches for the software and who is responsible for applying these updates?​ LogicStream Health typically schedules, tests and applies updates every three weeks, although occasional releases could be six or nine weeks. The LogicStream Health team will apply the updates.
Will the solution require any external connections to be made into or out of a customer network?


  • Is the data protected in transit?​ Yes – it is fully encrypted, both “at rest” and “in motion.”​

  • Are firewall rules configured to allow minimum access necessary? (limited by connection direction, port and server).​ Maybe – the application must be able to make outbound HTTPS requests to a few domains. If firewalls restrict outbound traffic, limited updates may be required. ​No inbound connections are used.